hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jens Borgland (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1792) Improve the error message when hostname verification fails
Date Mon, 05 Dec 2016 16:18:58 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15722658#comment-15722658

Jens Borgland commented on HTTPCLIENT-1792:

Well DefaultHostnameVerifier does but that exception is then caught (on row 92) after which
"false" is returned which causes SSLConnectionSocketFactory to create the message I described
(and since this is the message in the exception returned to the calling code it's what ends
up in logs unless we enable debug logging for HttpClient).


> Improve the error message when hostname verification fails
> ----------------------------------------------------------
>                 Key: HTTPCLIENT-1792
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1792
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpClient (classic)
>    Affects Versions: 4.4.1
>            Reporter: Jens Borgland
>            Priority: Minor
> When hostname verification fails {{org.apache.http.conn.ssl.SSLConnectionSocketFactory}}
will throw a {{SSLPeerUnverifiedException}} with a message like this:
> {noformat}
> Host name 'FOO' does not match the certificate subject provided by the peer (CN=BAR)
> {noformat}
> *Expected:*
> Including the _subject alternative names_, rather than the CN, in the message would be
a lot more helpful when troubleshooting (and probably more correct since the use of CN matching
is deprecated through RFC 2818).

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message